-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Cael...take a more sensible approach...no password parsing to scan > needed...have the AV/mail gateways stop any zip with any executable > inside. You don't need to use the password to see that there is an > .exe/.scr/.com/.whatever inside a zip. You see it, you nuke the zip. > If your policies allow zipped executables to meander through your mail > system as long as they pass a virues scan, you must have damned busy 0 > days. This ain't complicated...at all.
Hi Bart, Interesting suggestion but I'm not prepared to arbitrarily kill any zipped executable (even just those which have been passworded). I'm just not comfortable with the false-positives. Historically, passworded .zip files have been the only remotely acceptable way to e-mail executables. I'm hesitant to give that up. I'd still rather allow all passworded .zips and rely on the client's AV to nab it. take care, Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFARhzgR2vQ2HfQHfsRAs3cAKCadpIZHrs4IAekAgzsH9lA9+V1tgCeJKLt xeNUFGPnYnBA9kZXKIFOFas= =/9B3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
